Case study at-a-glance
- Background: Fortune 500 not-for-profit serving more than 2 million members and 3,000 employees
- GRC Challenge: Develop a strong ERM framework made actionable for the entire organization by GRC technology.
- Solution: The organization chose the SAI360 GRC Platform for integrated risk management as its enterprise-wide risk management solution.
- Benefits: The not-for-profit can now aggregate and disaggregate its risk portfolio for decision-making, performance management, and the allocation of capital and resources. They have a complete overview of their risk landscape from different angles and for multiple purposes.
Working in silos: Without a central repository, ERM framework, or GRC technology
The organization continuously faces challenges in managing the velocity of information, due to the rapid increase in regulations and the way in which technology evolves to capture more and more data.
Moreover, employees naturally shift over time, and without a company-wide Enterprise Risk Management (ERM) framework as the stable factor, it was easy to get stuck in a paradigm. Prior to implementing GRC technology, groups existed in silos. Each of those groups was accomplishing tasks in documents and Excel spreadsheets. There was no central repository of data.
Without a repository for documenting regulations, frameworks, standards and policies, the organization could not connect these to business processes and entities. The business’s objective was to develop a strong ERM framework made actionable for the entire organization by GRC technology. They recognized that developing a framework could not be done in silos — only in collaboration with all the lines of defense.
A strong ERM framework made actionable by a trusted GRC solution
The not-for-profit organization began their process by developing an initial version of the ERM framework and commencing a project to identify a trusted GRC solution provider.
This GRC system would enable them to implement the framework and make it actionable for the whole organization. Based on Gartner and Forrester analyst reports, they considered seven vendors for an RFP process, and selected SAI360 because of the GRC platform's ease of use and its ability to interface with the business.
At this organization, the business owns how GRC is managed, to ensure that what they do is fit for compliance and right for the customers. As such, the business was a very important stakeholder in this investigation and decision process. The SAI360 GRC platform was up and running within two months.
In control: A complete overview of the risk landscape
SAI360’s GRC technology works from the bottom up to enable the organization to aggregate and disaggregate its risk portfolio for decision-making, performance management, and the allocation of capital and resources. The organization has complete pictures of the risk landscape from different angles and for multiple purposes.
SAI360's enterprise risk management framework also means more efficiencies in the time and effort involved in making people aware of risk. SAI360 helps the organization keep control of risks such as regulatory non-compliance.
When managing risk on different levels of the organization, given the volume of regulations and risk management information to consider, there is often an exhaustion point. SAI360 prevents this exhaustion point by cutting risk management information into smaller, more controllable bites.